app-admin/sudo/sudo-1.8.3_p2.ebuild

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.3_p2.ebuild,v 1.10 2012/04/23 23:30:13 vapier Exp $

EAPI="4"

inherit eutils pam multilib libtool

MY_P=${P/_/}
MY_P=${MY_P/beta/b}

uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac

DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="http://www.sudo.ws/"
SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
        ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="as-is BSD"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
IUSE="ldap nls pam offensive selinux skey"

DEPEND="pam? ( virtual/pam )
        skey? ( >=sys-auth/skey-1.1.5-r1 )
        ldap? (
                >=net-nds/openldap-2.1.30-r1
                dev-libs/cyrus-sasl
        )
        sys-libs/zlib"
RDEPEND="${DEPEND}
        selinux? ( sec-policy/selinux-sudo )
        ldap? ( dev-lang/perl )
        pam? ( sys-auth/pambase )
        >=app-misc/editor-wrapper-3
        virtual/editor
        virtual/mta"
DEPEND="${DEPEND}
        sys-devel/bison"

S=${WORKDIR}/${MY_P}

REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"

MAKEOPTS+=" SAMPLES="

src_prepare() {
        epatch "${FILESDIR}"/${PN}-1.8.3_p1-linguas.patch
        epatch "${FILESDIR}"/${PN}-1.8.3_p1-no-utmpx.patch
        elibtoolize
}

set_rootpath() {
        # FIXME: secure_path is a compile time setting. using ROOTPATH
        # is not perfect, env-update may invalidate this, but until it
        # is available as a sudoers setting this will have to do.
        einfo "Setting secure_path ..."

        # first extract the default ROOTPATH from build env
        ROOTPATH=$(unset ROOTPATH; . /etc/profile.env; echo "${ROOTPATH}")
        if [[ -z ${ROOTPATH} ]] ; then
                ewarn " Failed to find ROOTPATH, please report this"
        fi

        # then remove duplicate path entries
        cleanpath() {
                local newpath thisp IFS=:
                for thisp in $1 ; do
                        if [[ :${newpath}: != *:${thisp}:* ]] ; then
                                newpath+=:$thisp
                        else
                                einfo "   Duplicate entry ${thisp} removed..."
                        fi
                done
                ROOTPATH=${newpath#:}
        }
        cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}

        # finally, strip gcc paths #136027
        rmpath() {
                local e newpath thisp IFS=:
                for thisp in ${ROOTPATH} ; do
                        for e ; do [[ $thisp == $e ]] && continue 2 ; done
                        newpath+=:$thisp
                done
                ROOTPATH=${newpath#:}
        }
        rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'

        einfo "... done"
}

src_configure() {
        local ROOTPATH
        set_rootpath

        # audit: somebody got to explain me how I can test this before I
        # enable it.. - Diego
        # plugindir: autoconf code is crappy and does not delay evaluation
        # until `make` time, so we have to use a full path here rather than
        # basing off other values.
        econf \
                --enable-zlib=system \
                --with-secure-path="${ROOTPATH}" \
                --with-editor=/usr/libexec/editor \
                --with-env-editor \
                $(use_with offensive insults) \
                $(use_with offensive all-insults) \
                $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
                $(use_with ldap) \
                $(use_enable nls) \
                $(use_with pam) \
                $(use_with skey) \
                $(use_with selinux) \
                --without-opie \
                --without-linux-audit \
                --with-timedir=/var/db/sudo \
                --with-plugindir=/usr/$(get_libdir)/sudo \
                --docdir=/usr/share/doc/${PF}
}

src_install() {
        emake DESTDIR="${D}" install || die

        if use ldap ; then
                dodoc README.LDAP doc/schema.OpenLDAP
                dosbin plugins/sudoers/sudoers2ldif

                cat <<-EOF > "${T}"/ldap.conf.sudo
                # See ldap.conf(5) and README.LDAP for details
                # This file should only be readable by root

                # supported directives: host, port, ssl, ldap_version
                # uri, binddn, bindpw, sudoers_base, sudoers_debug
                # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
                EOF

                insinto /etc
                doins "${T}"/ldap.conf.sudo
                fperms 0440 /etc/ldap.conf.sudo
        fi

        pamd_mimic system-auth sudo auth account session

        keepdir /var/db/sudo
        fperms 0700 /var/db/sudo
}

pkg_postinst() {
        if use ldap ; then
                ewarn
                ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
                ewarn
                if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
                        ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
                        ewarn "configured in /etc/nsswitch.conf."
                        ewarn
                        ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
                        ewarn "  sudoers: ldap files"
                        ewarn
                fi
        fi

        elog "To use the -A (askpass) option, you need to install a compatible"
        elog "password program from the following list. Starred packages will"
        elog "automatically register for the use with sudo (but will not force"
        elog "the -A option):"
        elog ""
        elog " [*] net-misc/ssh-askpass-fullscreen"
        elog "     net-misc/x11-ssh-askpass"
        elog ""
        elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
        elog "variable to the program you want to use."
}
1	# Copyright 1999-2012 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.3_p2.ebuild,v 1.10 2012/04/23 23:30:13 vapier Exp $
4
5	EAPI="4"
6
7	inherit eutils pam multilib libtool
8
9	MY_P=${P/_/}
10	MY_P=${MY_P/beta/b}
11
12	uri_prefix=
13	case ${P} in
14	_beta\|_rc) uri_prefix=beta/ ;;
15	esac
16
17	DESCRIPTION="Allows users or groups to run commands as other users"
18	HOMEPAGE="http://www.sudo.ws/"
19	SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
20	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
21
22	# Basic license is ISC-style as-is, some files are released under
23	# 3-clause BSD license
24	LICENSE="as-is BSD"
25	SLOT="0"
26	KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
27	IUSE="ldap nls pam offensive selinux skey"
28
29	DEPEND="pam? ( virtual/pam )
30	skey? ( >=sys-auth/skey-1.1.5-r1 )
31	ldap? (
32	>=net-nds/openldap-2.1.30-r1
33	dev-libs/cyrus-sasl
34	)
35	sys-libs/zlib"
36	RDEPEND="${DEPEND}
37	selinux? ( sec-policy/selinux-sudo )
38	ldap? ( dev-lang/perl )
39	pam? ( sys-auth/pambase )
40	>=app-misc/editor-wrapper-3
41	virtual/editor
42	virtual/mta"
43	DEPEND="${DEPEND}
44	sys-devel/bison"
45
46	S=${WORKDIR}/${MY_P}
47
48	REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
49
50	MAKEOPTS+=" SAMPLES="
51
52	src_prepare() {
53	epatch "${FILESDIR}"/${PN}-1.8.3_p1-linguas.patch
54	epatch "${FILESDIR}"/${PN}-1.8.3_p1-no-utmpx.patch
55	elibtoolize
56	}
57
58	set_rootpath() {
59	# FIXME: secure_path is a compile time setting. using ROOTPATH
60	# is not perfect, env-update may invalidate this, but until it
61	# is available as a sudoers setting this will have to do.
62	einfo "Setting secure_path ..."
63
64	# first extract the default ROOTPATH from build env
65	ROOTPATH=$(unset ROOTPATH; . /etc/profile.env; echo "${ROOTPATH}")
66	if [[ -z ${ROOTPATH} ]] ; then
67	ewarn " Failed to find ROOTPATH, please report this"
68	fi
69
70	# then remove duplicate path entries
71	cleanpath() {
72	local newpath thisp IFS=:
73	for thisp in $1 ; do
74	if [[ :${newpath}: != :${thisp}: ]] ; then
75	newpath+=:$thisp
76	else
77	einfo " Duplicate entry ${thisp} removed..."
78	fi
79	done
80	ROOTPATH=${newpath#:}
81	}
82	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
83
84	# finally, strip gcc paths #136027
85	rmpath() {
86	local e newpath thisp IFS=:
87	for thisp in ${ROOTPATH} ; do
88	for e ; do [[ $thisp == $e ]] && continue 2 ; done
89	newpath+=:$thisp
90	done
91	ROOTPATH=${newpath#:}
92	}
93	rmpath '/gcc-bin/' '/gnat-gcc-bin/' '/gnat-gcc/'
94
95	einfo "... done"
96	}
97
98	src_configure() {
99	local ROOTPATH
100	set_rootpath
101
102	# audit: somebody got to explain me how I can test this before I
103	# enable it.. - Diego
104	# plugindir: autoconf code is crappy and does not delay evaluation
105	# until `make` time, so we have to use a full path here rather than
106	# basing off other values.
107	econf \
108	--enable-zlib=system \
109	--with-secure-path="${ROOTPATH}" \
110	--with-editor=/usr/libexec/editor \
111	--with-env-editor \
112	$(use_with offensive insults) \
113	$(use_with offensive all-insults) \
114	$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
115	$(use_with ldap) \
116	$(use_enable nls) \
117	$(use_with pam) \
118	$(use_with skey) \
119	$(use_with selinux) \
120	--without-opie \
121	--without-linux-audit \
122	--with-timedir=/var/db/sudo \
123	--with-plugindir=/usr/$(get_libdir)/sudo \
124	--docdir=/usr/share/doc/${PF}
125	}
126
127	src_install() {
128	emake DESTDIR="${D}" install \|\| die
129
130	if use ldap ; then
131	dodoc README.LDAP doc/schema.OpenLDAP
132	dosbin plugins/sudoers/sudoers2ldif
133
134	cat <<-EOF > "${T}"/ldap.conf.sudo
135	# See ldap.conf(5) and README.LDAP for details
136	# This file should only be readable by root
137
138	# supported directives: host, port, ssl, ldap_version
139	# uri, binddn, bindpw, sudoers_base, sudoers_debug
140	# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
141	EOF
142
143	insinto /etc
144	doins "${T}"/ldap.conf.sudo
145	fperms 0440 /etc/ldap.conf.sudo
146	fi
147
148	pamd_mimic system-auth sudo auth account session
149
150	keepdir /var/db/sudo
151	fperms 0700 /var/db/sudo
152	}
153
154	pkg_postinst() {
155	if use ldap ; then
156	ewarn
157	ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
158	ewarn
159	if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
160	ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
161	ewarn "configured in /etc/nsswitch.conf."
162	ewarn
163	ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
164	ewarn " sudoers: ldap files"
165	ewarn
166	fi
167	fi
168
169	elog "To use the -A (askpass) option, you need to install a compatible"
170	elog "password program from the following list. Starred packages will"
171	elog "automatically register for the use with sudo (but will not force"
172	elog "the -A option):"
173	elog ""
174	elog " [*] net-misc/ssh-askpass-fullscreen"
175	elog " net-misc/x11-ssh-askpass"
176	elog ""
177	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
178	elog "variable to the program you want to use."
179	}